How Ziviro collects, uses, and protects your information.
Last Updated: May 20, 2026
Ziviro LLC (“Ziviro,” “we,” “us,” or “our”) is a Pennsylvania limited liability company that operates the website getziviro.com (the “Site”) and provides done-for-you automation services for local service businesses (the “Services”). This Privacy Policy describes how we collect, use, disclose, retain, and protect information when you visit our Site, interact with our Services, or otherwise communicate with us. It applies to two categories of individuals:
By using our Site or Services, you acknowledge that you have read and understood this Privacy Policy. If you are a Business Client, your use of our Services is also governed by our Terms of Service and any applicable service agreement.
We collect information in three ways: directly from you, automatically through technology, and from our Business Clients.
Our Business Clients may provide us with information about their customers (“End-User Data”) in order for us to perform Services on their behalf, including customer names, phone numbers, email addresses, service history, appointment records, estimate/invoice status, and past-due balances. In this capacity, Ziviro acts as a service provider (also referred to as a “data processor” under applicable state privacy laws that use such terminology) on behalf of the Business Client (the “business” or “data controller”). Our processing of End-User Data is governed by our service agreement with the Business Client and applicable law.
For lead generation and enrichment services, we may collect publicly available business information from sources including Google Maps, Google Business Profiles, public business directories, and publicly accessible business websites. This information may include business name, address, phone number, website URL, Google rating, review count, business category, and hours of operation. Website content may be accessed using automated tools for the purpose of generating business profiles and AI-powered prospect research.
When a business subscribes to Ziviro’s Services, we collect additional business-specific information necessary to configure, register, and operate our platform on your behalf. This information includes:
EIN security: Your EIN is stored securely, encrypted at rest, transmitted only to Twilio and The Campaign Registry for A2P 10DLC registration, and is never sold, shared with third parties for marketing purposes, displayed in any client-facing portal, or used for any purpose other than telecommunications compliance registration.
We use the information we collect for the following purposes:
Ziviro uses artificial intelligence (“AI”) extensively to power our services. We believe in full transparency about how AI processes your information:
Inbound phone calls are answered by AI voice agents powered by ElevenLabs’ conversational AI platform. These agents use speech recognition to understand spoken language, natural language processing to determine intent, and speech synthesis to generate spoken responses. Each agent identifies itself as an AI assistant at the beginning of each call. Voice agents can answer questions, qualify leads, book appointments, provide business information, and escalate to human operators.
Text message responses are generated by Anthropic’s Claude language model (Claude Haiku 4.5). When an End User sends an SMS to a Ziviro-powered business number, the AI reads the message, considers the conversation history and the Business Client’s configured information, and generates a contextual reply. These responses are fully automated — no human reviews individual messages before they are sent.
AI is used throughout our platform for: call transcript analysis and summarization, lead scoring and qualification, prospect research and business profile generation, contact enrichment from public sources, website content extraction for onboarding, report generation, and workflow decision logic.
AI-generated responses may contain inaccuracies, misunderstand requests, or provide incomplete information. AI decisions are not used to deny services, determine creditworthiness, make employment decisions, or make other consequential automated decisions about End Users. Business Clients maintain ultimate control over their AI agent configuration and are responsible for reviewing AI-assisted outputs. Ziviro monitors AI system performance and intervenes when systematic issues are identified.
Pennsylvania is a two-party (all-party) consent state. Under the Pennsylvania Wiretapping and Electronic Surveillance Control Act, 18 Pa.C.S. § 5704, it is unlawful to intercept, record, or disclose any wire, electronic, or oral communication without the consent of all parties to the communication.
All voice agents operated by Ziviro provide an audible disclosure at the beginning of each call — before any substantive exchange — stating that (a) the caller is speaking with an automated assistant, (b) the call is being recorded, and (c) the call may be transcribed for quality assurance and service delivery purposes.
By continuing the call after the recording disclosure, the caller provides consent to the recording, transcription, and AI processing of the call under 18 Pa.C.S. § 5704(4). Callers who do not consent may disconnect immediately at no penalty. Business Clients provide consent to the recording and transcription of calls handled by Ziviro’s AI agents by subscribing to voice-enabled Services.
Call recordings and automated transcripts are used for: appointment verification and confirmation, service quality assurance, dispute resolution, compliance with legal obligations, generating call summaries for Business Client dashboards, and (in anonymized or aggregated form only) service improvement. Recordings and transcripts are accessible to the applicable Business Client through the client portal.
Ziviro applies Pennsylvania’s two-party consent standard as a baseline for all calls, regardless of the caller’s location. Business Clients operating in other two-party consent states (including California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon, and Washington) are protected by this baseline. Business Clients are responsible for ensuring their own compliance with any additional state-specific recording consent laws applicable to their jurisdiction or their callers’ jurisdictions.
Ziviro operates in compliance with the Telephone Consumer Protection Act of 1991 (TCPA), 47 U.S.C. § 227, the CAN-SPAM Act (to the extent applicable), all applicable FCC regulations and declaratory rulings governing automated messaging, and CTIA (Cellular Telecommunications Industry Association) messaging guidelines. All SMS campaigns are registered through Twilio’s A2P 10DLC program via The Campaign Registry (TCR).
SMS messages are sent only to End Users who have provided prior express consent through one or more of the following mechanisms:
Ziviro sends the following categories of SMS messages on behalf of Business Clients:
End Users may opt out of SMS communications at any time by replying STOP to any message, or through any other reasonable method including email, phone call, or written request. We also honor UNSUBSCRIBE, CANCEL, END, and QUIT as opt-out keywords. Opt-out requests are processed within ten (10) business days of receipt, and in practice are typically honored immediately. The phone number is permanently suppressed from all future messaging campaigns for that Business Client. Opt-out records are retained indefinitely to ensure continued suppression. End Users may re-subscribe by texting START.
All automated messages include: the Business Client’s business name, a clear purpose for the message, and opt-out instructions. Ziviro does not send unsolicited marketing messages. All promotional or campaign messages require explicit Business Client authorization and verified End User consent.
We use the following third-party service providers (“Subprocessors”) to deliver our Services. Each processes data only as necessary to provide their respective functions and is subject to their own privacy policies and, where applicable, data processing agreements:
| Provider | Function | Data Processed |
|---|---|---|
| Twilio | Voice calls, SMS messaging, phone numbers, A2P 10DLC registration, call recording | Phone numbers, call audio, SMS content, call metadata, EIN (for A2P registration), opt-out status |
| ElevenLabs | Voice agents, speech synthesis, call transcription | Call audio (real-time streaming), conversation transcripts, caller intent data |
| Anthropic (Claude) | Language processing for SMS conversations, lead research, data analysis | SMS message content, conversation history, business profile data, prospect research inputs |
| GoHighLevel (GHL) | CRM, contact management, deal pipeline, client portal, marketing automation | Contact names, emails, phone numbers, company info, deal stages, interaction history, lead scores |
| Stripe | Payment processing, subscription billing, invoicing | Billing address, payment method tokens, transaction history, subscription status |
| Google Calendar | Appointment scheduling and calendar management | Appointment dates/times, attendee names, service type, location, calendar event details |
| Cal.com | Online booking and scheduling links | Booker name, email, phone, selected time slot, booking notes |
| n8n | Workflow automation and orchestration | All data flowing through automated workflows (processed in transit; data stored in n8n data tables includes lead records and opt-out lists) |
| Cloudflare | Website hosting (Pages), DNS, CDN, DDoS protection, web analytics | IP addresses, HTTP request headers, page URLs, geographic location (country/region level) |
| Firecrawl | Website content extraction for prospect research and onboarding | Publicly accessible website URLs and page content (business information only) |
| Google Workspace (Gmail) | Business email communications, notifications, reports | Email addresses, email content for system notifications and client communications |
| Google Drive | Document storage for contracts, templates, and internal files | Business documents, contracts, internal operational files |
We require all Subprocessors to maintain appropriate security measures and to process personal data only in accordance with our instructions and applicable law. We do not permit Subprocessors to use personal data for their own marketing or unrelated purposes.
We do not sell personal information. We do not share personal information with third parties for their own direct marketing purposes. We may share information in the following limited circumstances:
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Specific retention periods are as follows:
| Data Type | Retention Period | Basis |
|---|---|---|
| Call recordings | 90 days | Service delivery; extended upon Business Client request |
| Call transcripts | 12 months | Quality assurance, dispute resolution |
| SMS conversation logs | 12 months from last interaction | TCPA compliance, dispute resolution |
| Website form submissions | 24 months | Lead management, consent records |
| CRM contact records | Duration of Business Client relationship + 90 days | Service continuity, data portability window |
| Business Client account data | Duration of service + 30 days | Service delivery, data export window |
| Billing and payment records | 7 years | Tax and legal compliance (IRS requirements) |
| Opt-out / suppression records | Indefinite | TCPA compliance — required to prevent re-contact |
| Website analytics data | 26 months | Performance analysis |
| Contracts and service agreements | Duration of service + 6 years | PA statute of limitations for contract disputes |
Deletion requests: Business Clients may request deletion of their data and their End Users’ data by contacting us at marc@getziviro.com. Deletion requests are processed within 30 days, subject to legal retention requirements. Data that must be retained for legal compliance (such as billing records and opt-out lists) will be retained for the minimum required period and then deleted. We will confirm deletion in writing upon completion.
Our Site currently uses only Cloudflare’s server-side analytics (described below) and does not employ any third-party client-side tracking pixels or advertising scripts.
As our hosting provider, Cloudflare collects server-side analytics including IP addresses (anonymized), request counts, bandwidth usage, geographic distribution, and threat metrics. Cloudflare’s analytics are privacy-focused and do not use client-side tracking or cookies for analytics purposes. For more information, see Cloudflare’s Privacy Policy.
We use essential cookies for site functionality, including session management for the client portal and security features (such as Cloudflare Bot Fight Mode and challenge cookies). These cookies are strictly necessary for the operation of the Site and cannot be disabled.
You may control non-essential cookies through your browser settings. Disabling cookies may affect certain features of the Site but will not prevent you from accessing core content. We do not use cookies for cross-site advertising or retargeting.
We implement industry-standard administrative, technical, and physical security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
In the event of a data breach that compromises the security, confidentiality, or integrity of personal information, Ziviro will:
Depending on your jurisdiction, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at marc@getziviro.com or call (267) 656-6998. We will verify your identity before processing your request and respond within 30 days (or within the timeframe required by applicable law). If we need additional time, we will notify you of the reason and the expected response date.
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights:
To submit a CCPA/CPRA request, email marc@getziviro.com with the subject line “California Privacy Request.” We will respond within 45 days.
Residents of Virginia, Colorado, Connecticut, Utah, and Texas have rights to access, correct, delete, and obtain a portable copy of their personal data, as well as the right to opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in targeted advertising, sell personal data, or use profiling for consequential decisions. To exercise your rights, contact us at marc@getziviro.com.
These states enacted comprehensive consumer privacy laws effective between 2024 and 2026. Residents of these states generally have rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising and the sale of personal data. Some states (notably Maryland and Nebraska) impose additional restrictions on certain categories of data processing. We extend the same rights described in this Section 14 to residents of all states with comprehensive privacy laws. To exercise your rights, contact us at marc@getziviro.com.
As additional state privacy laws take effect, we will extend comparable rights to residents of those states. If you are unsure of your rights under your state’s privacy law, contact us and we will assist you.
Our Services are designed for use by businesses and are not directed to individuals under 18 years of age. In accordance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, we do not knowingly collect personal information from children under 13. We also do not knowingly collect personal information from any individual under 18. If we learn that we have inadvertently collected information from a child under 13 (or any individual under 18), we will delete it promptly. If you believe a child has provided personal information to us, please contact us at marc@getziviro.com.
Our Services are operated in the United States. All data is stored and processed in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our Services, you consent to such transfer and processing. We do not currently offer Services outside the United States.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: (a) update the “Last Updated” date at the top of this page, (b) notify active Business Clients via email at least 30 days before the changes take effect, and (c) post a notice on our Site. Your continued use of the Site or Services after the effective date constitutes acceptance of the revised Privacy Policy.
If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your privacy rights, contact us:
Email: hello@getziviro.com
Phone: (267) 656-6998
Mailing Address: Ziviro LLC, Hatfield, PA 19440
For TCPA-related inquiries or SMS opt-out issues, you may also text HELP to any Ziviro-powered business number for assistance.